openbsd
2 years agoRecord session ID, host key and sig at intital KEX
djm [Sun, 19 Dec 2021 22:08:06 +0000 (22:08 +0000)]
Record session ID, host key and sig at intital KEX

These will be used later for agent session ID / hostkey binding

ok markus@

2 years agodocument BN_consttime_swap(3); this will probably require more work,
schwarze [Sun, 19 Dec 2021 22:06:35 +0000 (22:06 +0000)]
document BN_consttime_swap(3); this will probably require more work,
but what i have so far is already better than nothing

2 years agoSimplify error message emitted when requested partition size
krw [Sun, 19 Dec 2021 19:26:18 +0000 (19:26 +0000)]
Simplify error message emitted when requested partition size
cannot be accommodated. "not enough space" should be enough for
anyone.

Requested by deraadt@

2 years agosync
deraadt [Sun, 19 Dec 2021 18:57:04 +0000 (18:57 +0000)]
sync

2 years agodocument BN_uadd(3) and BN_usub(3)
schwarze [Sun, 19 Dec 2021 18:39:32 +0000 (18:39 +0000)]
document BN_uadd(3) and BN_usub(3)

2 years agodocument BN_zero_ex(3)
schwarze [Sun, 19 Dec 2021 16:18:34 +0000 (16:18 +0000)]
document BN_zero_ex(3)

2 years agoPut CTLOG and SCT stacks definitions in the right place.
jsing [Sun, 19 Dec 2021 14:33:53 +0000 (14:33 +0000)]
Put CTLOG and SCT stacks definitions in the right place.

No functional change.

2 years agoaplmbox(4)
kettenis [Sun, 19 Dec 2021 13:15:47 +0000 (13:15 +0000)]
aplmbox(4)

2 years agoEnable aplmbox(4).
kettenis [Sun, 19 Dec 2021 13:07:36 +0000 (13:07 +0000)]
Enable aplmbox(4).

2 years agowhitespace
kettenis [Sun, 19 Dec 2021 12:45:14 +0000 (12:45 +0000)]
whitespace

2 years agolog_warn -> log_warnx since the warning printed uses tls_error()
claudio [Sun, 19 Dec 2021 12:19:31 +0000 (12:19 +0000)]
log_warn -> log_warnx since the warning printed uses tls_error()
and therefor printing the errno as well makes no sense.

2 years agoReduce the overhead of all trace routines by returning as early as
anton [Sun, 19 Dec 2021 07:45:59 +0000 (07:45 +0000)]
Reduce the overhead of all trace routines by returning as early as
possible in kd_curproc().

2 years agofix setting palette with 8bpp fb used on 8mb parts
jsg [Sun, 19 Dec 2021 06:29:30 +0000 (06:29 +0000)]
fix setting palette with 8bpp fb used on 8mb parts

2 years agofix radeondrm console colours on sparc64
jsg [Sun, 19 Dec 2021 03:39:05 +0000 (03:39 +0000)]
fix radeondrm console colours on sparc64

Directly do register writes in the sparc64 specific
radeondrm_setcolor() instead of trying to pass colour values via
crtc->gamma_store.  With these changes the console changes from
white text on a black background to black text on a white background.

Only older radeon families are handled and crtc selection is
skipped as with radeonfb.  Both of the sun radeon parts fall
into this family < CHIP_RS600 path.

xvr-100 (0x1002:0x5159 pci rv100)
xvr-300 (0x1002:0x5b64 pcie rv380)

Tested on a Sun Blade 100 with XVR-100 by Ted Bullock
who also helped with the patch.

2 years agodrm/amd/display: add connector type check for CRC source set
jsg [Sun, 19 Dec 2021 01:33:26 +0000 (01:33 +0000)]
drm/amd/display: add connector type check for CRC source set

From Perry Yuan
f35f7f04aa80587bfe00c5e679df054918e79a63 in linux 5.10.y/5.10.87
2da34b7bb59e1caa9a336e0e20a76b8b6a4abea2 in mainline linux

2 years agodrm/amd/display: Fix for the no Audio bug with Tiled Displays
jsg [Sun, 19 Dec 2021 01:30:41 +0000 (01:30 +0000)]
drm/amd/display: Fix for the no Audio bug with Tiled Displays

From Mustapha Ghaddar
dd3cea3425226565c959a1a6b1a1cce2e3394713 in linux 5.10.y/5.10.87
5ceaebcda9061c04f439c93961f0819878365c0f in mainline linux

2 years agoSuppress error output from sysctl: kern.allowdt doesn't exist on
guenther [Sun, 19 Dec 2021 01:07:50 +0000 (01:07 +0000)]
Suppress error output from sysctl: kern.allowdt doesn't exist on
several archs and complaining about that from the Makefile doesn't
help anyone.

ok deraadt@ bluhm@

2 years agosync
deraadt [Sat, 18 Dec 2021 23:45:49 +0000 (23:45 +0000)]
sync

2 years agotighten the decription of -F; from richard ulmer
jmc [Sat, 18 Dec 2021 21:41:49 +0000 (21:41 +0000)]
tighten the decription of -F; from richard ulmer
ok ratchov

2 years agoDocument BN_abs_is_word(3).
schwarze [Sat, 18 Dec 2021 21:11:50 +0000 (21:11 +0000)]
Document BN_abs_is_word(3).

While here, add the missing "const" qualifier to the second parameter
of BN_is_word(3) - even though i doubt that marking an integral type
parameter as "const" serves any significant purpose...

Note that the OpenSSL documentation for this function that Billy
Brumley committed on August 4, 2021 is actually wrong.  Essentially,
it says "BN_abs_is_word() test[s] if a equals ... |w|."  Now pray
tell me, what exactly is the point of taking the absolute value of
an unsigned integer number?  To compensate for the obvious absurdity
of his patch, Billy made a point of getting *three* OKs from rather
notable people: Pauli Dale, Nicola Tuveri, and Dmitry Belyavskiy.

I believe this is a striking example of the cavalier attitude some
projects put on display when it comes to documentation, and also a
striking example of how bad documentation can occasionally be worse
than no documentation at all, because the OpenSSL manual page will
now thoroughly confuse anyone reading it.

SCNR pointing out this (hopefully unintentional) hilarity - or is
this an attempt at trolling the readers of their documentation?
If it is, they certainly got me.

2 years agosupport processing <openssl/bn.h>
schwarze [Sat, 18 Dec 2021 19:55:26 +0000 (19:55 +0000)]
support processing <openssl/bn.h>

2 years agoadd the missing .Nm BN_get_rfc3526_prime_1536,
schwarze [Sat, 18 Dec 2021 19:43:01 +0000 (19:43 +0000)]
add the missing .Nm BN_get_rfc3526_prime_1536,
fixing a minibug found with check_complete.pl

2 years agonew manual page OBJ_add_sigid(3)
schwarze [Sat, 18 Dec 2021 17:47:44 +0000 (17:47 +0000)]
new manual page OBJ_add_sigid(3)

2 years agoKNF two comments
tb [Sat, 18 Dec 2021 17:26:54 +0000 (17:26 +0000)]
KNF two comments

2 years agoReinstate the licenses that were replaced with a license stub
tb [Sat, 18 Dec 2021 16:58:20 +0000 (16:58 +0000)]
Reinstate the licenses that were replaced with a license stub
in OpenSSL commit d2e9e320.

2 years agoRevert license stubs to full licenses in the remaining files.
tb [Sat, 18 Dec 2021 16:50:40 +0000 (16:50 +0000)]
Revert license stubs to full licenses in the remaining files.

2 years agoReinstate the license stubs to their original licenses in most of the
tb [Sat, 18 Dec 2021 16:34:52 +0000 (16:34 +0000)]
Reinstate the license stubs to their original licenses in most of the
files in libcrypto/ct. This reverts OpenSSL commit d2e9e320

discussed with jsing

2 years agoConvert o2i_SCT* functions to CBS.
jsing [Sat, 18 Dec 2021 15:59:50 +0000 (15:59 +0000)]
Convert o2i_SCT* functions to CBS.

This provides cleaner and safer code.

ok inoguchi@ tb@

2 years agoRename argument to SCT_LIST_free()
jsing [Sat, 18 Dec 2021 15:58:59 +0000 (15:58 +0000)]
Rename argument to SCT_LIST_free()

2 years agoAdd aplmbox(4), a driver for the mailbox that provides a communication
kettenis [Sat, 18 Dec 2021 13:33:52 +0000 (13:33 +0000)]
Add aplmbox(4), a driver for the mailbox that provides a communication
channel with additional cores integrated on Apple SoCs.

ok patrick@

2 years agoMake sure we receive what we expect over imsg.
florian [Sat, 18 Dec 2021 10:34:19 +0000 (10:34 +0000)]
Make sure we receive what we expect over imsg.

Instead of repairing potential garbage ensure that we receive proper C
strings. Inspired by a similar diff by deraadt@ for ldapd.

2 years agoAdd a mailbox "framework" to handle mailboxes referenced in device trees
kettenis [Sat, 18 Dec 2021 09:19:25 +0000 (09:19 +0000)]
Add a mailbox "framework" to handle mailboxes referenced in device trees
in a generic way.

ok visa@

2 years agoReduce the overhead of the trace compare routines by checking if kcov is
anton [Sat, 18 Dec 2021 08:24:31 +0000 (08:24 +0000)]
Reduce the overhead of the trace compare routines by checking if kcov is
enabled for the current thread before doing anything else.

2 years agoMake use of ntests variable, pointed out by clang 13.
anton [Sat, 18 Dec 2021 06:53:59 +0000 (06:53 +0000)]
Make use of ntests variable, pointed out by clang 13.

2 years agosync
deraadt [Sat, 18 Dec 2021 03:57:15 +0000 (03:57 +0000)]
sync

2 years agonew manual page OBJ_NAME_add(3)
schwarze [Fri, 17 Dec 2021 17:56:14 +0000 (17:56 +0000)]
new manual page OBJ_NAME_add(3)

2 years agoAvoid errors about clang13-only options here, to ease transition
jca [Fri, 17 Dec 2021 17:06:39 +0000 (17:06 +0000)]
Avoid errors about clang13-only options here, to ease transition

As pointed out by deraadt@ we can do better than ask people to follow
instructions.  Note that you still need an up-to-date clang if you
update your kernel Makefiles, as those use clang13-only options.

Also -Werror doesn't bring much in binutils context.  It's an outdated
codebase with lots of warts, which frequently breaks due to -Werror
during clang updates.

"This is the right fix" deraadt@

2 years agomention lh_strhash(3) in the NAME, SYNOPSIS, and HISTORY sections;
schwarze [Fri, 17 Dec 2021 16:32:07 +0000 (16:32 +0000)]
mention lh_strhash(3) in the NAME, SYNOPSIS, and HISTORY sections;
while here, repair a typo in the lh_retrieve(3) synopsis

2 years agosync
patrick [Fri, 17 Dec 2021 15:00:06 +0000 (15:00 +0000)]
sync

2 years agoDisable a few warning flags that were introduced and enabled by default
patrick [Fri, 17 Dec 2021 14:59:21 +0000 (14:59 +0000)]
Disable a few warning flags that were introduced and enabled by default
with LLVM 13.

2 years agoUpdate build infrastructure for LLVM 13.0.0.
patrick [Fri, 17 Dec 2021 14:55:43 +0000 (14:55 +0000)]
Update build infrastructure for LLVM 13.0.0.

2 years agoMerge LLVM 13.0.0.
patrick [Fri, 17 Dec 2021 14:46:39 +0000 (14:46 +0000)]
Merge LLVM 13.0.0.

2 years agoDo not try to unlock a NULL object.
mpi [Fri, 17 Dec 2021 14:18:15 +0000 (14:18 +0000)]
Do not try to unlock a NULL object.

Fix a NULL dereference introduced in previous, reported by anton@ and
Benjamin Baier.

Reported-by: syzbot+c172bd335801b67e515b@syzkaller.appspotmail.com
2 years agoImport LLVM 13.0.0 release.
patrick [Fri, 17 Dec 2021 12:26:52 +0000 (12:26 +0000)]
Import LLVM 13.0.0 release.

2 years agoImport LLVM 13.0.0 release.
patrick [Fri, 17 Dec 2021 12:26:32 +0000 (12:26 +0000)]
Import LLVM 13.0.0 release.

2 years agoImport LLVM 13.0.0 release.
patrick [Fri, 17 Dec 2021 12:26:13 +0000 (12:26 +0000)]
Import LLVM 13.0.0 release.

2 years agoImport LLVM 13.0.0 release.
patrick [Fri, 17 Dec 2021 12:25:51 +0000 (12:25 +0000)]
Import LLVM 13.0.0 release.

2 years agoImport LLVM 13.0.0 release.
patrick [Fri, 17 Dec 2021 12:25:18 +0000 (12:25 +0000)]
Import LLVM 13.0.0 release.

2 years agoImport LLVM 13.0.0 release.
patrick [Fri, 17 Dec 2021 12:25:01 +0000 (12:25 +0000)]
Import LLVM 13.0.0 release.

2 years agoImport LLVM 13.0.0 release.
patrick [Fri, 17 Dec 2021 12:24:32 +0000 (12:24 +0000)]
Import LLVM 13.0.0 release.

2 years agoImport LLVM 13.0.0 release.
patrick [Fri, 17 Dec 2021 12:23:18 +0000 (12:23 +0000)]
Import LLVM 13.0.0 release.

2 years agoDeclare pthread_atfork as weak to avoid a fatal error with LLVM 13
jca [Fri, 17 Dec 2021 12:03:16 +0000 (12:03 +0000)]
Declare pthread_atfork as weak to avoid a fatal error with LLVM 13

Fixes behavior with current clang, which marks the symbol as GLOBAL
instead of WEAK.  LLVM change: https://reviews.llvm.org/D90108
base-gcc is unaffected.  Keep asm(".weak") for gcc3 until a cleanup can
be tested there.

Initial diff from mortimer@, input and ok kettenis@, ok guenther@

2 years agoalphabetical order is hard, tb...
tb [Fri, 17 Dec 2021 11:28:05 +0000 (11:28 +0000)]
alphabetical order is hard, tb...

2 years agofix indent
tb [Fri, 17 Dec 2021 11:25:22 +0000 (11:25 +0000)]
fix indent

2 years agoDocument the failure mode if size is too small and mention that
millert [Thu, 16 Dec 2021 19:15:29 +0000 (19:15 +0000)]
Document the failure mode if size is too small and mention that
allocating space when buf is NULL is an extension more prominently.
Clarify that getwd() is deprecated and should not be used.
Mention EFAULT errno value for invalid (non-NULL) buf.
OK deraadt@ jmc@

2 years agogetwd(3): don't malloc space for buf if it is NULL
millert [Thu, 16 Dec 2021 19:12:43 +0000 (19:12 +0000)]
getwd(3): don't malloc space for buf if it is NULL
The 4.3BSD getwd(3) did not malloc space, use __getcwd(2) directly
so the compat function doesn't either.  OK deraadt@

2 years agolibradius: convert to HMAC_CTX on the heap
tb [Thu, 16 Dec 2021 17:32:51 +0000 (17:32 +0000)]
libradius: convert to HMAC_CTX on the heap

This is another fairly mechanical conversion to prepare the switch
to opaque HMAC_CTX. It adds missing error checking for the HMAC API
and uses HMAC_Init_ex() instead of the deprecated HMAC_Init().

ok jsing

2 years agoarm64 can boot from softraid too; ok patrick
tj [Thu, 16 Dec 2021 17:07:56 +0000 (17:07 +0000)]
arm64 can boot from softraid too; ok patrick

2 years agodocument obj_cleanup_defer(3) and check_defer(3)
schwarze [Thu, 16 Dec 2021 16:36:16 +0000 (16:36 +0000)]
document obj_cleanup_defer(3) and check_defer(3)

2 years agoFix a tiny race in tdb_delete() between TDBF_DELETED, tdb_unlink()
bluhm [Thu, 16 Dec 2021 15:38:03 +0000 (15:38 +0000)]
Fix a tiny race in tdb_delete() between TDBF_DELETED, tdb_unlink()
and tdb_cleanspd().  gettdb...() can return a TDB before tdb_unlink().
Then ipsp_spd_lookup() could add it to tdb_policy_head after
tdb_cleanspd().  There it would stay until it hits the kassert in
tdb_free().
OK tobhe@

2 years agoTo ease maintenance, structure the lists of intentionally undocumented
schwarze [Thu, 16 Dec 2021 12:26:40 +0000 (12:26 +0000)]
To ease maintenance, structure the lists of intentionally undocumented
symbols according to the reason (internal, obsolete, postponed)
and according to the header file (asn1, objects, x509, ...).
Also, add some minor tweaks needed for <openssl/objects.h>.

2 years agoWhen adding the extra 10% of space to a needed sysctl buffer use math
claudio [Thu, 16 Dec 2021 09:33:56 +0000 (09:33 +0000)]
When adding the extra 10% of space to a needed sysctl buffer use math
that is less likely to overflow the int type used. A BGP fullfeed is
now so big that this calculation overflowed and then got sign extended.
The result was for example 'route -n show' failures.
Problem identified with deraadt@
OK deraadt@ (more cleanup needed but this fix is a good start)

2 years agoAttach com over acpi on amd64. Some hardware uses a different interrupt
anton [Thu, 16 Dec 2021 08:03:17 +0000 (08:03 +0000)]
Attach com over acpi on amd64. Some hardware uses a different interrupt
assignment compared to the the legacy one supported by com over isa.
This causes the console to halt once userland takes over as no
interrupts are received. The actual address and irq can be read from
ACPI, kettenis@ already added support for arm64 which paved the way for
amd64.

Some consoles that previously attached over isa are now expected to
attach over acpi.

Thanks to patrick@ for testing on arm64.

ok kettenis@

2 years agounifdef TLS13_USE_LEGACY_CLIENT_AUTH
tb [Thu, 16 Dec 2021 06:32:56 +0000 (06:32 +0000)]
unifdef TLS13_USE_LEGACY_CLIENT_AUTH

Before the TLSv1.3 stack grew client certificate support, it fell back
to the legacy stack. Proper client certificate support was added in a2k20
with a TLS13_USE_LEGACY_CLIENT_AUTH knob to provide an easy fallback in
case the new code should have a problem. This was never needed.

As ifdefed code is wont to do, this bitrotted a few months later when
the client and server methods were merged.

discussed with jsing

2 years agofix zero division found by syzkaller. The sanity checks in pf(4) ioctls
sashan [Thu, 16 Dec 2021 02:01:59 +0000 (02:01 +0000)]
fix zero division found by syzkaller. The sanity checks in pf(4) ioctls
are not powerful enough to detect invalid port ranges (or even invalid
rules). syzkaller does not use pfctl(8), it uses ioctl(2) to pass some
random chunk of memory as a rule to pf(4). Fix adds explicit check
for 0 divider to pf_get_transaddr(). It should make syzkaller happy
without disturbing anyone else.

OK gnezdo@

Reported-by: syzbot+d1f00da48fa717e171f3@syzkaller.appspotmail.com
2 years agopool_get w/ PR_ZERO is better than following with a bzero, because pools
deraadt [Thu, 16 Dec 2021 00:54:42 +0000 (00:54 +0000)]
pool_get w/ PR_ZERO is better than following with a bzero, because pools
hold dirty and clean memory, and can hand out the right time cheaper
ok dlg

2 years agosync
deraadt [Thu, 16 Dec 2021 00:44:21 +0000 (00:44 +0000)]
sync

2 years agoFix the argument passed to garbage collector enforce thread for
mvs [Wed, 15 Dec 2021 22:29:55 +0000 (22:29 +0000)]
Fix the argument passed to garbage collector enforce thread for
'unsopassgc' test. Also increase it's file descriptor limit.

2 years agodocument OBJ_new_nid(3), OBJ_add_object(3), and OBJ_create_objects(3);
schwarze [Wed, 15 Dec 2021 22:20:12 +0000 (22:20 +0000)]
document OBJ_new_nid(3), OBJ_add_object(3), and OBJ_create_objects(3);
mark OBJ_create_and_add_object() as intentionally undocumented

2 years agoFix whitespace.
bluhm [Wed, 15 Dec 2021 21:25:55 +0000 (21:25 +0000)]
Fix whitespace.

2 years agoIncrease file descriptor limit for undgram_conclose test.
bluhm [Wed, 15 Dec 2021 20:56:56 +0000 (20:56 +0000)]
Increase file descriptor limit for undgram_conclose test.
ok mvs@

2 years agoinclude unistd.h directly rather than pulling it in via zlib's zconf.h
tb [Wed, 15 Dec 2021 20:43:31 +0000 (20:43 +0000)]
include unistd.h directly rather than pulling it in via zlib's zconf.h
(needed for getdtablecount).

2 years agoFix compiler warning.
bluhm [Wed, 15 Dec 2021 20:41:28 +0000 (20:41 +0000)]
Fix compiler warning.
ok mvs@

2 years agoMove OBJ_create(3) into its own manual page
schwarze [Wed, 15 Dec 2021 20:07:51 +0000 (20:07 +0000)]
Move OBJ_create(3) into its own manual page
because OBJ_nid2obj(3) is already long and
more functions related to OBJ_create(3) have to be documented.

2 years agogrep: Add missing unistd.h and limits.h includes
tb [Wed, 15 Dec 2021 19:22:44 +0000 (19:22 +0000)]
grep: Add missing unistd.h and limits.h includes

Both binary.c and file.c currently pull in unistd.h via zlib's zconf.h.
binary.c uses SEEK_SET and file.c a bunch of things like close(), isatty(),
lseek(). In addition file.c needs limits.h for PATH_MAX.

ok deraadt

2 years agomore sys/signal.h before sys/proc.h
anton [Wed, 15 Dec 2021 18:42:38 +0000 (18:42 +0000)]
more sys/signal.h before sys/proc.h

2 years agoRename asn1_lib.c to asn1_old_lib.c
jsing [Wed, 15 Dec 2021 18:12:10 +0000 (18:12 +0000)]
Rename asn1_lib.c to asn1_old_lib.c

This will allow us to add a new asn1_lib.c while replacing the code that is
in currently in asn1_old_lib.c.

Discussed with tb@

2 years agoSync bytestring with libssl.
jsing [Wed, 15 Dec 2021 18:02:39 +0000 (18:02 +0000)]
Sync bytestring with libssl.

2 years agoConsolidate various ASN.1 code.
jsing [Wed, 15 Dec 2021 18:00:31 +0000 (18:00 +0000)]
Consolidate various ASN.1 code.

Rather than having multiple files per type (with minimal code per file),
use one file per type (a_<type>.c).

No functional change.

Discussed with tb@

2 years agoUse CBS_get_last_u8() to find the content type in TLSv1.3 records.
jsing [Wed, 15 Dec 2021 17:57:45 +0000 (17:57 +0000)]
Use CBS_get_last_u8() to find the content type in TLSv1.3 records.

ok tb@

2 years agounifdef -U CRYPTO_MDEBUG -m tasn_new.c
jsing [Wed, 15 Dec 2021 17:53:36 +0000 (17:53 +0000)]
unifdef -U CRYPTO_MDEBUG -m tasn_new.c

2 years agoAdd coverage for CBS additions.
jsing [Wed, 15 Dec 2021 17:37:42 +0000 (17:37 +0000)]
Add coverage for CBS additions.

2 years agoProvide various CBS_peek_* functions.
jsing [Wed, 15 Dec 2021 17:36:49 +0000 (17:36 +0000)]
Provide various CBS_peek_* functions.

These will be used in libcrypto.

With input from and ok tb@

2 years agoProvide CBS_get_u64().
jsing [Wed, 15 Dec 2021 17:30:20 +0000 (17:30 +0000)]
Provide CBS_get_u64().

This will be used in the libcrypto certificate transparency code.

ok tb@

2 years agoProvide CBS_get_last_u8().
jsing [Wed, 15 Dec 2021 17:23:34 +0000 (17:23 +0000)]
Provide CBS_get_last_u8().

This will be used in the TLSv1.3 record layer.

From BoringSSL.

ok tb@

2 years agostructure pads can leak uninitialized memory to userland via copyout,
deraadt [Wed, 15 Dec 2021 17:21:08 +0000 (17:21 +0000)]
structure pads can leak uninitialized memory to userland via copyout,
therefore the mandatory idiom is completely clearing structs before
building them for copyout -- that means ALMOST ALL STRUCTS, because
we never know when some architecture will pad a struct..  In two more
cases, the clearing wasn't performed.
from Reno Robert ZDI
ok millert bluhm

2 years agospamd: convert to opaque HMAC_CTX
tb [Wed, 15 Dec 2021 17:06:01 +0000 (17:06 +0000)]
spamd: convert to opaque HMAC_CTX

ok jsing

2 years agoSome more ASN.1 struct types that are postponed (because they are
schwarze [Wed, 15 Dec 2021 16:36:39 +0000 (16:36 +0000)]
Some more ASN.1 struct types that are postponed (because they are
related to templating macros) or intentionally undocumented.
Apart from NETSCAPE, PCTX, and low-level templating stuff,
all ASN.1 functions, types, and macros are now documented.

2 years agoThe PATH_MAX+1 bites. The PATH_MAX+1 bites. You die...
deraadt [Wed, 15 Dec 2021 16:29:29 +0000 (16:29 +0000)]
The PATH_MAX+1 bites.  The PATH_MAX+1 bites.  You die...
ok millert mlarkin

2 years agoSyzkaller found a dereference in igmp_leavegroup() where inm->inm_rti
bluhm [Wed, 15 Dec 2021 15:58:01 +0000 (15:58 +0000)]
Syzkaller found a dereference in igmp_leavegroup() where inm->inm_rti
is NULL.  It should be set in rti_fill(), but is not if malloc(9)
fails.  There is no rollback after malloc failure so the field stays
uninitialized.  The code is only called from ioctl, setsockopt or
a task.  Malloc should wait instead of failing, otherwise syscalls
would be unreliable.  While there also put an M_WAIT in the init
code.  During init malloc must not fail.
OK mvs@
Reported-by: syzbot+e22326057ccf34908d78@syzkaller.appspotmail.com
2 years agoAdjust pty and tty event filters
visa [Wed, 15 Dec 2021 15:30:47 +0000 (15:30 +0000)]
Adjust pty and tty event filters

* Implement EVFILT_EXCEPT for ttys for HUP condition detection.
  This filter is used when pollfd.events has no read/write events.

* Add HUP condition detection to filt_ptcwrite() and filt_ttywrite()
  to reflect ptcpoll() and ttpoll(). Only poll(2) and select(2) can
  utilize the code; kevent(2) should behave as before with EVFILT_WRITE.

* Clear EV_EOF and __EV_HUP if the EOF/HUP condition ends.

OK mpi@

2 years agoDocument i2c_ASN1_INTEGER(3).
schwarze [Wed, 15 Dec 2021 15:29:23 +0000 (15:29 +0000)]
Document i2c_ASN1_INTEGER(3).

While it was probably a mistake that steve@ made some i2c_*() and c2i_*()
functions public back in 2000 and while we would like to delete them from
the API, it may not be possible to delete this particular function because
in contrast to the others (which are already marked as intentionally
undocumented), this one is used by various real-world software, so for now,
explain what it does, just in case people find it in existing code.

While here, use the familiar term "byte" that we generally use
throughout all our manual pages, even though the ASN.1 standard
uses the term "octet" instead, which is more precise only in theory.

2 years agoUse a per-UVM object lock to serialize the lower part of the fault handler.
mpi [Wed, 15 Dec 2021 12:53:53 +0000 (12:53 +0000)]
Use a per-UVM object lock to serialize the lower part of the fault handler.

Like the per-amap lock the `vmobjlock' is principally used to serialized
access to objects in the fault handler to allow faults occurring on
different CPUs and different objects to be processed in parallel.

The fault handler now acquires the `vmobjlock' of a given UVM object as
soon as it finds one.  For now a write-lock is always acquired even if
some operations could use a read-lock.

Every pager, corresponding to a different kind of UVM object, now expect
the UVM object to be locked and some operations, like *_get() return it
unlocked.  This is enforced by assertions checking for rw_write_held().

The KERNEL_LOCK() is now pushed to the VFS boundary in the vnode pager.

To ensure the correct amap or object lock is held when modifying a page
many uvm_page* operations are now asserting for the "owner" lock.
However, fields of the "struct vm_page" are still being protected by the
global `pageqlock'.  To prevent lock ordering issues with the new
`vmobjlock' and to reduce differences with NetBSD this lock is now taken
and released for each page instead of around the whole loop.

This commit does not remove the KERNEL_LOCK/UNLOCK() dance.  Unlocking
will follow if there is no fallout.

Ported from NetBSD, tested by many, thanks!

ok kettenis@, kn@

2 years agoldapd always uses O_CREAT when reopening database files, so the database
jmatthew [Wed, 15 Dec 2021 11:36:40 +0000 (11:36 +0000)]
ldapd always uses O_CREAT when reopening database files, so the database
directory must be unveiled with "rwc" rather than just "rw".

ok deraadt@ mestre@

2 years agorestrict filesystem access with unveil(2).
mestre [Wed, 15 Dec 2021 11:23:09 +0000 (11:23 +0000)]
restrict filesystem access with unveil(2).

this one opens the default table file "/usr/share/misc/usb_hid_usages" through
hid_start(3) from libusbhid, then `dev' (will be the fd used on the ioctls)
and finally `conf' which is the file with the actions to be monitored. `conf'
needs to be unveil(2)ed with read perms since usbhidaction(1) can run as daemon
and this file will be re-read if a SIGHUP is catched.

looks good deraadt@

2 years agorestrict all filesystem access with unveil(2).
mestre [Wed, 15 Dec 2021 11:21:35 +0000 (11:21 +0000)]
restrict all filesystem access with unveil(2).

hid_start(3) opens `table' through libusbhid, then usbhidctl(1) itself opens
`dev', after that it's just performing ioctls on the fd left opened by the
latter so all fs access can be disabled.

2 years agoBump pkg-config version to 1.8.1
ratchov [Wed, 15 Dec 2021 08:30:34 +0000 (08:30 +0000)]
Bump pkg-config version to 1.8.1

2 years agogetcwd() operates on buffers of PATH_MAX including the NUL, and the +1
deraadt [Wed, 15 Dec 2021 04:01:52 +0000 (04:01 +0000)]
getcwd() operates on buffers of PATH_MAX including the NUL, and the +1
is not unneccesary. Different buffer sizes are actually dangerous, though
major problems are strangely rare.
ok millert

2 years agoPATH_MAX+1 rarely makes sense, and abort if this happens in the imsg.
deraadt [Wed, 15 Dec 2021 04:00:15 +0000 (04:00 +0000)]
PATH_MAX+1 rarely makes sense, and abort if this happens in the imsg.
ok jmatthew millert

2 years agotypo in previous
deraadt [Wed, 15 Dec 2021 00:37:21 +0000 (00:37 +0000)]
typo in previous